WormWarner is a tool designed to warn hosts that are probably infected by worms. It does this by scanning the Apache log files and sending email to the host or the ISP when a worm or attack is detected. WormWarner started in September 2002 as a small project written in Perl.

WormWarner has a simple pattern database, which makes it easy to add new worm patterns as they appear. Another important feature is the built-in rate and mail size control, which keeps WormWarner from sending too much email to an ISP. WormWarner also has the option to execute external commands, which makes it easy to adapt, for example, firewalls based on the attacks and worms it detects.
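
The pattern matching and the rate and mail size control described above, sketched in Python as an added example; this is not WormWarner's own Perl code. The pattern table layout, the `build_warnings` function, the contact map and the log lines are constructed assumptions; only the `GET /scripts/nsiislog.dll` pattern comes from this page.

```python
import re
from collections import defaultdict

# Hypothetical pattern table; the real pattern.db format is not shown on the page.
PATTERNS = {"nsiislog.dll probe": "GET /scripts/nsiislog.dll"}

# Apache common/combined log format: host ident user [time] "request" status bytes
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" \d{3} \S+')

# Constructed sample data (documentation address ranges, example domains).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Sep/2003:10:00:01 +0200] "GET /scripts/nsiislog.dll HTTP/1.0" 404 290',
    '192.0.2.10 - - [12/Sep/2003:10:00:02 +0200] "GET /scripts/nsiislog.dll HTTP/1.0" 404 290',
    '192.0.2.11 - - [12/Sep/2003:10:00:03 +0200] "GET /scripts/nsiislog.dll HTTP/1.0" 404 290',
    '192.0.2.12 - - [12/Sep/2003:10:00:04 +0200] "GET /scripts/nsiislog.dll HTTP/1.0" 404 290',
    '198.51.100.7 - - [12/Sep/2003:10:00:05 +0200] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.5 - - [12/Sep/2003:10:00:06 +0200] "GET /SCRIPTS/NSIISLOG.DLL HTTP/1.0" 404 290',
    'garbage line that is not in log format',
]
CONTACTS = {  # hypothetical host -> abuse contact lookup
    "192.0.2.10": "abuse@isp-a.example", "192.0.2.11": "abuse@isp-a.example",
    "192.0.2.12": "abuse@isp-a.example", "203.0.113.5": "abuse@isp-b.example",
}

def build_warnings(log_lines, contacts, max_mails_per_contact=2, max_lines_per_mail=3):
    """Return (mails, suppressed): one warning per offending host, capped per contact."""
    hits = defaultdict(list)  # host -> matching log lines, in first-seen order
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected log format
        req = m["req"].lower()
        if any(p.lower() in req for p in PATTERNS.values()):
            hits[m["host"]].append(line)
    sent = defaultdict(int)  # contact -> mails queued so far (rate control)
    mails, suppressed = [], []
    for host, evidence in hits.items():
        contact = contacts.get(host)
        if contact is None:
            suppressed.append((host, "no contact"))
        elif sent[contact] >= max_mails_per_contact:
            suppressed.append((host, "rate limit"))
        else:
            sent[contact] += 1
            mails.append({"to": contact, "host": host, "total_hits": len(evidence),
                          "evidence": evidence[:max_lines_per_mail]})  # mail size control
    return mails, suppressed

if __name__ == "__main__":
    for mail in build_warnings(SAMPLE_LOG, CONTACTS)[0]:
        print(mail["to"], mail["host"], mail["total_hits"])
```
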

However, there were feature requests and the application grew in complexity. The goal of the WormWarner project is to provide users with a powerful and flexible, but benign, tool to take action against worms and attacks on their webserver(s).

What's New in This Release:

· The attack complaint message was changed to a less offensive one.
· "GET /scripts/nsiislog.dll" was added to the attack patterns.
· Various formmail exploits were added to the attack patterns.
· Added the smtp option to specify a mailserver to use to send the warnings to the ISP.
· Patterns are now stored in pattern.db, which makes it easier to add patterns.
· The IIS WebDAV exploit was added to the patterns.